ISO 27001 Lead Auditor Program
Based upon the ISO 27007:2011 and 19011:2011 uaditing Standards, this one-day course will provide an intensive overview of how to manage an audit of an organization's risk management program in along with its corresponding information security management system. This course will also provide valuable guidance on conducting the audits, and on establishing and validating the competence of ISMS auditors.
Covered topics include:
- Auditing the audit function & program
- Principles of auditing
- Managing an audit program
- Establishing the audit program objectives
- Establishing the audit program
- Role and responsibilities of the person managing the audit program
- Competence of the person managing the audit program
- Determining the extent of the audit program
- Identifying and evaluating audit program risks
- Establishing procedures for the audit program
- Identifying audit program resources
- Implementing the audit program
- Monitoring the audit program
- Reviewing and improving the audit program
- Performing an audit
- Initiating the audit
- Preparing audit activities
- Conducting the audit activities
- Preparing and distributing the audit report
- Completing the audit
- Conducting audit follow-up
- Auditing the ISMS Scope, Policy, Risk Assessment Approach, and ISMS Implementation
- ISO 27001 Audit Criteria
- ISO 27005 Best Practices
- ISO 27007 Evidence Collection Recommendations
- Auditing the ISMS Monitoring and Review
- ISO 27001 Audit Criteria
- ISO 27007 Evidence Collection Recommendations
- Audit the ISMS Documentation Fulfillment
- ISO 27001 Audit Criteria
- Audit the ISMS Organization and Management Commitment
- ISO 27001 Audit Criteria
- ISO 27003 Best Practices
- ISO 27007 Evidence Collection Recommendations
- Auditing ISMS Internal Audit against ISO 27001 Requirements
- ISO 27001 Audit Criteria
- ISO 27007 Evidence Collection Recommendations
- Auditing Management Review
- An overview of using ISO TR 27008 to audit internal controls